-*- Fundamental -*-

Sections

  [ - ]
  []
  []            usually [SERVER]
  [DEFAULT]

Keys are looked up in that order, unless otherwise specified.

is the client's virtual address.
must be a valid DNS hostname and not look like an address.


Exceptional settings:

  server
     Specifies .
     Is looked up in [SERVER] and [DEFAULT] only.
     If not specified there, it is SERVER.

     Used by server to select the appropriate parts of the rest
     of the configuration.  Ignored by the client.

  password
     Looked up in the usual way, but used by client and server to
     determine which possible peerings to try to set up, and which
     to ignore.

     We define the sets of putative clients and servers, as follows:
     all those, for which there is any section (even an empty one)
     whose name is based on or (as applicable).
     (LIMIT sections do not count.)

     The server will queue packets for, and accept requests from,
     each putative client for which the config search yields a
     password.

     Each client will create a local interface, and try to
     communicate with the server, for each possible pair
     (putative server, putative client) for which the config
     search yields a password.

  ipif
     Command to run to create and communicate with local network
     interface.  Passed to sh -c.  Must speak SLIP on stdin/stdout.

     The following additional interpolations are substituted:
        %(local)s   %(peer)s   %(rnet)s
                                           on server
                                           on client

     ["userv root ipif %(local)s,%(peer)s,%(mtu)s,slip %(rnets)s"]

     On server: applies to all clients; not looked up in
       client-specific sections.
     On client: may be different for different servers.


Capped settings:

  Values in [ LIMIT] and [LIMIT] are a cap (maximum) on those from
  the other sections (including DEFAULT).

  max_batch_down
     Size limit for response payloads (used by server only).
     [65536 bytes; LIMIT: 262144 bytes]

  max_queue_time
     Discard packets after they have been queued this long waiting
     for http.
     On server: setting applies to downward packets, and is capped
       by LIMIT values.
     On client: setting applies to upward packets, and is not
       affected by LIMIT values.
     [10 s; LIMIT: 121 s]

  http_timeout
     On server: return with empty payload any http request
       outstanding for this long.
     On client: give up on any http request outstanding for
       this long plus http_timeout_grace.
     Client's effective timeout must be at least server's (checked).
     [30 s; LIMIT: 121]

  target_requests_outstanding
     On server: whenever number of outstanding requests for a
       client exceeds this, return oldest with empty payload.
     On client: try to keep this many requests outstanding.
     Must match between client and server (checked).
     [3; LIMIT: 10]


Ordinary settings, used by both, not client-specific:

  These are not looked up in the client-specific config sections.

  addrs
     Public IP (v4 or v6) address(es) of the server; space-separated.
     On server: mandatory; used for bind.  No default.
     On client: used only to construct default url.

  vnetwork
     Private network range (/).  Must contain all s.
     Must contain and , and used to compute their defaults.
     [172.24.230.192/28]

  vaddr
     Address of server's virtual interface.

  vrelay
     Virtual point-to-point address used for tunnel routing
     (does not appear in packets).
     [first host entry in other than , so 172.24.230.194]

  port
     Public port number of the server.  [80]
     On server: used for bind.
     On client: used only to construct default url.

  mtu
     Must match exactly.  (UNCHECKED)
     [1500 bytes]


Ordinary settings, used by client only:

  http_timeout_grace
     See http_timeout.  [5 s]

  max_requests_outstanding
     Client will hold off sending more requests than this to
     server even if it has data to send.  [6]

  max_batch_up
     Size limit for request payloads.  [4000 bytes]

  http_retry
     If a request fails, wait this long before considering it
     "finished" - to limit rate of futile requests.  [5 s]

  url
     Public url of server.
     [http://:/]

  vroutes
     Virtual addresses (in CIDR syntax) to be found at the server
     end, space-separated.  Routes to those will be created on
     the client.  [""]
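The capped lookup and the two "(checked)" rules above, as an added example that is not part of the original document or the project's own code. Assumptions: the sample section names (a client section named by its virtual address, pair-specific sections left out), unit-less integer values, a [LIMIT] section taking precedence over the built-in LIMIT, and the cap applying on both sides for http_timeout.

```python
import configparser

# (built-in default, built-in LIMIT) for the capped settings, as listed above.
CAPPED = {"max_batch_down": (65536, 262144), "max_queue_time": (10, 121),
          "http_timeout": (30, 121), "target_requests_outstanding": (3, 10)}
# Constructed samples; section names and unit-less integers are assumptions.
SERVER_CFG = """
[DEFAULT]
http_timeout = 60
[172.24.230.195]
http_timeout = 300
max_queue_time = 500
[LIMIT]
http_timeout = 90
"""
CLIENT_CFG = """
[SERVER]
http_timeout = 20
target_requests_outstanding = 4
"""

def load(text):
    # Rename configparser's magic default section so [DEFAULT] cannot leak into [LIMIT].
    cfg = configparser.ConfigParser(default_section="__unused__", interpolation=None)
    cfg.read_string(text)
    return cfg

def first(cfg, sections, key):
    """First integer value of key along the section search order, else None."""
    hits = [s for s in sections if cfg.has_option(s, key)]
    return cfg.getint(hits[0], key) if hits else None

def resolve(cfg, key, search):
    """Look key up in search order, then clamp it to the applicable LIMIT."""
    default, builtin_cap = CAPPED[key]
    value, cap = first(cfg, search, key), first(cfg, ["LIMIT"], key)
    return min(default if value is None else value,
               builtin_cap if cap is None else cap)

def check_peering(server_cfg, client_cfg, search, grace=5):
    """Return violations of the two '(checked)' rules for one peering."""
    problems, key = [], "target_requests_outstanding"
    c_to = resolve(client_cfg, "http_timeout", search) + grace
    if c_to < resolve(server_cfg, "http_timeout", search):
        problems.append(f"client effective timeout {c_to} s is below server's")
    if resolve(server_cfg, key, search) != resolve(client_cfg, key, search):
        problems.append(f"{key} differs between client and server")
    return problems
```

With the constructed samples, the server's per-client http_timeout of 300 is clamped to 90 by [LIMIT], and the client's 20 + 5 s falls short of it, so the peering is flagged.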